We review products independently, but we may earn commissions if you make a purchase using affiliate links on our website. We are not antivirus software; we only provide information about some products.

Cybercrime in 2019: Statistics, Trends, and the Biggest Breaches

data protection

Computers, phones, tablets, and even homes – they’re all connected to the Internet these days. It takes less than a second to go online and become a part of the global network. The World Wide Web (AKA the WWW) was created 30 years ago – in 1989, and currently, it “holds” 2+ billion websites. Now, while this new digital world has pushed technology forward and is at the core of the modern economy, it’s also home to a new type of criminals.

Cyber-attacks are a brand-new threat, and you can’t baffle them with the natural means. With trillions of dollars lost to it, world government and leading companies are investing heavily in endpoint security to ensure the safety of their data. User/employee awareness is also an issue, as humans are still a key factor in this.

In this post, we’ll talk about the biggest cybercrime threats in 2019, 2020, and the coming years. Plus, we’ll discuss the most alarming statistics and learn precisely how much the world is spending on cybersecurity. Let’s start with some interesting facts and then move on to the trends that will shape the future.

cyber sec

The Most Alarming Cybersecurity Statistics in 2019

As you’ll learn today, world powers and business owners are spending huge amounts of resources on keeping cybercriminals at bay. However, new threats are emerging every single day, and it’s almost impossible to keep track of them all and to come up with countermeasures. With that said, here is a list of the most shocking facts about cybersecurity:

  • There is a new attack every 40 seconds. Yes, that’s the official statistics, and it claims that hackers successfully breach defenses more than once in a minute. These attacks affect roughly 30% of US citizens, and the number is growing exponentially. It’s important to note that these aren’t targeted attacks, but rather the work of automated systems that are designed to find weaknesses and exploit them.
  • Tech, retail, and government are the main targets. Criminals focus on these industries, not because they’re the most vulnerable ones. On the contrary – they’ve got some of the best security systems on the planet. It’s just that their records contain a large amount of personal/sensitive data that is of interest to the hackers.
  • Small businesses are under constant threat. New research shows that up to 43% of attacks target small businesses. Phishing, social engineering, malicious, and denial-of-service are the most frequently used attack types. That happened to be a relatively safe environment in the past, but sadly, not anymore.

The owners of smaller businesses are confident that they’re not in any danger. However, the criminals don’t care whether the organization is big or not – all they care about is how to breach security. Credit card numbers, sensitive personal data, SSN (Social Security Numbers) – those are the things that will most likely be stolen. On average, smaller enterprises rarely, if ever, invest more than $1,000 in cybersecurity. No wonder they’re constantly being attacked.

  • The healthcare industry is also a primary target. Did you know that only 25% of healthcare organizations are safe? In 2018, over 75% of the agencies, companies, and facilities were successfully attacked and infected.
  • Distributed denial-of-service attacks are deadlier than ever. Reports claim that these types of attacks have increased in size and are now five times bigger. Right now, the average DDOS attack is close to 26Gbps – a new record for the industry. The primary targets for these attacks are smart homes.
  • The number of connected devices is growing rapidly. Next year, in 2020, experts predict there will be 200 billion connected devices on the planet. To put things in perspective, only 7 billion people are living in the world. Back in 2006, there were “only” two billion connected objects. Currently, there is one connected device per four US citizens. By 2020, that number could jump to 26 devices per one person.
  • Most breaches are due to human error. People make mistakes, and that’s somewhat natural. However, the fact that 95% of cybersecurity breaches are only possible “thanks” to human error is quite alarming. That’s partially why international tech giants are implementing more AI (artificial intelligence) and trusting it with security.
  • It takes most companies forever to detect breaches. You might think that modern-day organizations react to attacks quickly, but that’s not true. Most of them can take up to half a year to detect breaches and do something about it. That is equally true for minor and major attacks. The list includes giants like Facebook and Equifax, for example.

private data

Sensitive data like passwords and credit card info can’t be saved after six months. In most cases, it takes criminals less than an hour to cause irreparable damage. We can only imagine what can be done when the hackers remain undetected for six months!

  • The majority of organizations don’t have a response plan. It would be wise to have some sort of a contingency plan, right, especially after you’re experienced a breach? Well, statistics say otherwise. Almost 80% of companies that have been attacked more than once during a year don’t know how to react to security breaches.

Thankfully, the world is slowly waking up to this, and a considerable amount of future investments into cybersecurity will be spent on education. While AI can be trusted with performing difficult tasks, it’s often up to the humans to reduce the leakage to a minimum after a breach.

  • Cybercrimes are rarely reported in the US. Of all the crimes committed by criminals online, only 10% are reported in America. That’s because it’s not that easy to prove that you’ve been attacked, and the police don’t yet fully understand how to fight “bad guys” online.

And let’s not forget that, say, in the case of ransomware, people want to handle the situation on their own. No person out there wants their text, photos, or videos to become public knowledge. The same is true for organizations that can’t take a hit in terms of reputation.

In the States, the FBI has created the so-called IC3 (the Internet Crime Complaint Center) that makes it easier to report a crime committed online. Each year, they receive 300K+ complaints related to cybercrime. Hopefully, other agencies will follow their example and also start helping regular users.

Cyber Crime and Security in Numbers

  • The average cost of a breach is close to 150 million US dollars. By 2020, that number might even be higher, as more and more companies are connecting to the Internet. Another shocking number: this year, cybercriminals cost international businesses and enterprises 2+ trillion dollars. That is several times more than the cost of natural disasters. Furthermore, even the illegal drugs (narcotics) industry doesn’t generate as big of an income.
  • Cybersecurity cost is reaching a new record. While this number isn’t in any way 100% accurate, various trends show that in 2021, the world will spend up to $6 trillion on security online. The list includes world governments, militaries, businesses, and more. That will require all interested parties to rethink their budgets. By 2027, global spending could reach $10 billion!
  • Last year, cybercrime losses went over one trillion US dollars. That is the total cost, and while corporations and governments suffered the most, regular users were also heavily targeted. When it comes to hackers, it doesn’t matter who (or what) to target. As long as someone is online, that’s a potential victim for the criminals. As mentioned earlier, this year, total losses have already reached 2 trillion dollars.
  • Breaches hurt share prices. On average, security breaches lead to a 7.3% share price fall, and this reaches its peak 10-14 days after the attack. True, most international scandals usually have a stronger effect on share prices, but this is still a rather significant negative effect.
  • Bitcoin is at the heart of illegal transactions. Digital currency is only starting to gain momentum; yet, it’s already creating a lot of “buzz” around the world. The pros include anonymity and safety, along with impressive transfer speed. Sadly, digital currency is mostly associated with illegal activity, at least for now. Terrorists, illegal organizations, and hackers use Bitcoins to turn into digital shadows during transactions.

cyber sec 2019 stat

In 2019, the digital currency was used for transferring as much as $76 billion. Next, year, we might have $100 billion on our hands, unless world governments do something about that.

  • By 2024, the cybersecurity market will reach 300 billion dollars. There’s no telling whether this will happen or not, but expenses will rise. Currently, Symantec, one of the wealthiest companies in the industry, makes ~$5 billion a year. At the same time, there are numerous cheap and free anti-malware solutions available online.
  • Hackers make more than $3 billion a year through social media. Recent research proves that Facebook, Twitter, and other media are playing a key role in the rise of cybercrime. Just think about this: three billion US dollars is more than Donald Trumps’ net worth!
  • Criminals steal $600+ million worth of personal data on social media. Another alarming fact about social media: half of the personal info trading traces back to Facebook, and Twitter mentioned above. That includes passwords, logins, and, of course, credit card numbers.

The Biggest Security Breaches in 2019

Last, but not least, let us take a look at some of the significant incidents that happened this year. Ransomware attacks, local government breaches, supply chain attacks, and personal information theft – we’ve seen it all in 2019.

The CBP (Customs and Border Protection) Case

This May, a surveillance contractor for the CBP was breached by a group of skilled hackers. As a result, they managed to steal license plates and photographs of over 100K people. The contractor, a company called Perceptics, also lost critical info about the US government’s surveillance hardware and how Customs and Border Protection uses it at several borders.

A couple of days later, the criminals posted everything they stole on the dark web. That’s when Washington officials had to let go of Perceptics (without even giving a proper explanation as to why they did that). A quick fact: CBP wants to install cameras, and expensive facial-recognition scans in all major US airports (20 in total).

However, civil rights activists are strongly against this. And, since the agency clearly can’t protect its data, it seems like the privacy advocates have a point here.

Ransomware Attacks on Local Governments

True, this type of threat is nothing new: ransomware has been around for many years. Still, in 2019, hackers found new ways to implement it, and they’ve been targeting health care providers, various agencies, and organizations. On top of that, cybercriminals are now attacking local governments, like in the case of the early 2019 Georgia (Jackson County) court attack.

They knocked it offline, and there was nothing the officials could do. They had to pay 400K dollars to get back access to the court system. In June, ransomware paralyzed three municipalities in Florida. The list includes Riviera Beach, Lake City, and Key Biscayne. The attackers demanded payment in digital currency. Riviera paid them 65 bitcoins (that’s 600K US dollars); Lake City paid 42 bitcoins (~500K dollars).

Ransomware Attacks on Manufacturing and Industrial Firms

Along with disabling courts and demanding a ransom, hackers have also been messing with industrial firms on a large scale. LockerGoga is a new type of ransomware – it meddles with systems that control physical equipment. With numerous firms giving more and more control to computers, it’s becoming easier for criminals to target them online.

It started at Altran, a French consulting company. Then Norsk Hydro, a Norwegian aluminum giant, was attacked (the criminals switched operations to manual). These are just two examples of the most recent attacks, but, sadly, they’re not the only ones. In many ways, they are similar to NotPetya of Russian origin and WannaCry (North Korea).

The Attack on the AMCA System

The American Medical Collection Agency is a gigantic debt collector that specializes in health care. And the data breach that happened this year raised a lot of concerns. They detected the breach in March 2019; however, the attackers gained access back in August 2018. Overall, the personal data of ~20 million customers were exposed.

So, what did this data include? Real addresses, dates of birth, phone numbers, names, health care providers, and more. Thankfully, the hackers couldn’t get their hands on Social Security and Insurance ID numbers. Still, the breach affected several affiliated companies, and some of them even filed for bankruptcy.

Aggressive Supply Chain Attacks

This term is used to describe what looks like a trustworthy update for an app but is actually a virus. In 2017, the most destructive chain attack was the Russia-based NotPetya. In 2018, ShadowPad, a group of hackers presumably from China, attacked one million Asus device owners. They signed in with a real certificate and “fooled” the Live Update tool.

This year, the specialists working in Kaspersky discovered that another hacker group used a supply chain attack on Visual Studio. Video Game developers widely use Microsoft’s creative launching pad. The criminals used this to find backdoors into their systems. There’s no telling how many potential targets were infected.

And now, let us take a look at the most significant trends in modern-day cybercrime. With 4.5 billion (!) records successfully breached by hackers in 2018, it’s obvious that this threat is only getting bigger. The following list includes the most alarming security issues in 2019, as well as some trends that will, most likely, take over 2020.

Remote Access Attacks

Last year, crypto-jacking was one of the biggest nightmares for the fans of cryptocurrency (like Bitcoins, for example). In 2019, it’s the most popular remote access attack, and the threat is even higher. The so-called “perimeter devices” are also always under attack. Owners of connected slash smart homes are the main target for these types of attacks.

Cybercriminals relentlessly attack every single connected device. The list includes desktop computers, mobile devices (smartphones and tablets), IP cameras, and even NAS (network-attached storage) devices. Hackers exploit the fact that these devices have open ports that aren’t protected in any way.

Brand-New Phishing Schemes

Most users don’t take phishing attacks seriously and are confident that they’ll never fall victim to them. Meanwhile, according to official statistics, up to 35% of all URLs on the Internet are potentially dangerous. In 2018-2019, criminals created new “kits” for more effective hacking. They are available on the DarkNet, and right now, no government can make sure these never fall into the wrong hands.

The worst thing about these new kits is that they are relatively easy to use. Plus, they cost as little as one dollar and are available to everyone. True, for more complicated attacks, hackers have to pay a handsome sum, but for starters, the cheap kits will do. Furthermore, if you know where to look, there won’t even be a need to go to the dark web.

It’s obvious that next year, phishing will become a more significant threat than it’s ever been. Here’s a quick reminder of how it works: hackers send you emails pretending to be the representatives of well-known and respected companies. And when you trust them enough to share personal info, they steal passwords, logins, and credit card numbers.

Most users don’t even suspect that they’re giving their credentials to criminals. And, by the time they realize this, it’s usually too late. A quick fact: email is the leading malware carrier (92.4%).

Large-Scale Smartphone Attacks

Speaking of phishing, it’s a big threat to mobile devices, and smartphone attacks have dramatically increased since last year. According to official RSA statistics, 60+ percent of online fraud/scams are done through various mobile platforms. Furthermore, mobile apps are to blame for 80% of those attacks (as opposed to web browsers).

The majority of users manage financial transactions through their phones, instead of secure devices (like a desktop PC/Mac). For advanced hackers, it’s significantly easier to steal credentials from phones/tablets than heavily-protected computers. Besides, most people keep sensitive information on mobile gadgets, which makes it more beneficial to target them first.

Artificial Intelligence

In recent years, AI has been vastly improved and is now playing a key role in various forward-thinking industries. Process automation with machine learning is the next big thing, and it helps to increase performance and eliminate human error. At the same time, since this is new, uncharted territory, cybercriminals are continually finding ways to exploit artificial intelligence.

We’re not even talking about new hacking techniques that breach security even in the most advanced AI-controlled environments. The focus is on the use of artificial intelligence in finding new ways to hack more “traditional” systems. Again, criminals are using it to optimize and automate various processes, which makes it easier (and faster) to penetrate even the most advanced layers of security.

AI is excellent at creating an email that goes through various filters undetected (they can’t “see” that a human does not write it). Social engineering is yet another field that AI can help the criminals in. Sending mail, calling potential victims, and creating new profiles – those are just some of the things that AI can do.

The Internet of Things

According to our experts, the industry of the Internet of Things (IoT) will grow significantly in 2020. By the end of the year, it is expected to cover up to seven billion devices/gadgets around the globe. Now, IoT devices are known to collect user data, and they’re quite weak against DDOS attacks.

Initially, IoT devices weren’t designed to be secure, as nobody thought they might be targeted. Another reason: that would’ve significantly increased production cost and made these devices unattractive to potential customers. We already mentioned Remote Access attacks, and statistics show that almost 50% of all the attacks on these devices are performed remotely.

On average, it takes a skilled hacker less than five minutes to penetrate an IoT device. The worst thing about this – you can’t turn any IoT device off, as they need to be online 24/7 to work.

Summing Up

Twenty years ago, nobody in their right mind would’ve called online attacks the biggest challenge of our time. Ten years ago, several CEOs around the world started to raise the alarm. Today, in 2020, cybercrime is a huge threat, especially for leading tech giants. In the next ten years, cybercrime might very well turn into a considerable risk not only for corporations but also for regular people.

Electric cars, smart homes, smartphones, smartwatches, tablets, and good old desktop computers – they’re all a potential target. Back in the day, using a reliable antivirus was effective enough to protect yourself from outside threats. But now, you also need an anti-keylogger, protection against phishing, ransomware, spyware, and more. A VPN is also a must, especially for masking your online activities from prying eyes.

Hopefully, the 2018-2019 statistics and the 2019-2020 trends that we discussed today will help you to stay safe online. With trillions of dollars at stake, it’s clear that cybersecurity will become one of the most important industries of the next five years. All we can do for now is wait and see what the future brings!